(57) The invention relates to a method for performing a short-range wireless transaction between an hybrid wireless terminal and a service terminal. The hybrid terminal is able to communicate over a first interface with a radio communication network and over a second interface for short-range wireless access with a service terminal; the hybrid wireless terminal comprises a user authentication information for authenticating a user in the radio communication network.

According to the invention, the method consists of: 



transmitting over the second interface for short-range wireless access a message to the service terminal comprising at least the user authentication information;

authenticating the user at the service terminal by checking the received user authentication information against an authentication database;

enabling the transaction if the user authentication has been successful.
Description

[0001] The present invention relates to wireless short-range data communication systems and more particularly to a method for performing short-range wireless transactions between an hybrid wireless terminal and a service terminal.

[0002] An hybrid wireless terminal should be understood as a wireless terminal dedicated to access to a radio communication network, as for example a GSM mobile phone or third generation UMTS mobile phone, further comprising an interface for short-range wireless access, for example a Bluetooth interface. An example of such an hybrid wireless terminal is already known from Bluetooth Specification Version 1.0 B page 100 from 1 December 1999 and describes the "3-in-1 phone" model with built-in Bluetooth technology.

[0003] At home, the "3-in-1 phone" functions as a cordless telephone. On the move, it functions as a cellular telephone. For these two first applications, the mobile telephone uses the usual interface to a radio communication network: at home, the 3-in-1 phone communicates for example over DECT to a local base station; on the move, the 3-in-1 phone communicates over GSM.

[0004] In a third configuration, when the 3-in-1 phone comes within the range of another mobile phone with built-in Bluetooth technology, it functions as a walkie-talkie and communicates exclusively with the other mobile phone over the Bluetooth interface. In that case the communication does not require resources from a radio communication network. Moreover, the communication is not billed.

[0005] Bluetooth is a computing and telecommunications industry specification that describes how mobile phones, computers, personal digital assistants and other stand-alone devices can easily interconnect with each other using a short-range wireless connection. The technology requires that a low-cost transceiver chip be included in each device. Each device is equipped with a microchip transceiver that transmits and receives in a frequency band of 2.45 GHz that is available globally (with some variation of bandwidth in different countries). The maximum range between two Bluetooth equipped devices for setting up a connection is 10 meters. Data as well as voice communications can be set up over the Bluetooth interface. Data can be exchanged at a rate of 1 megabit per second (up to 2 Mbps in the second generation of the technology). A frequency hop scheme allows devices to communicate even in areas with a great deal of electromagnetic interference. Each device is identified by a unique 48-bit address defined in the Bluetooth standard. Built-in encryption and verification of this unique address is provided for ensuring the connection security. However, the verification described in the Bluetooth standard is based solely on a device identification. This identification prevents a Bluetooth device not registered at another Bluetooth device from communicating with it. A drawback of this device-based identification is that no user authentication is possible and as a consequence a lot of applications requiring a user authentication are not possible over the short-range wireless Bluetooth interface.

[0006] The term service terminal is used to cover terminals that are able to provide a service to a user that starts a transaction with this service terminal over a short-range wireless interface. During a transaction, a user requests a service to be provided by the service terminal. The transaction comprises a dialog between the user and the service terminal for checking the modalities in which the service has to be provided as well as an authentication of the user. If the authentication has been successful, the service terminal provides the service to the user and ends the transaction.

[0007] Since the services provided by the service terminal are preferably billed to the user, the authentication of the user is required for authorizing the service terminal provider to be credited the amount of money required for the service. Possible examples of service terminals entering this category are: a toll gate that opens automatically and deducts the toll gate price from the bank account of drivers equipped with an hybrid mobile phone with Bluetooth interface, a drink vending machine that is controlled by an hybrid mobile phone from a user wanting to buy a drink, the cost of this drink being deducted from his bank account or added to his phone bill.

[0008] On the other hand, the services provided by a service terminal may be confidential. In that case, an authentication of the user is also required to preserve confidentiality. Examples of service terminals entering this category are printers of bank account extracts controlled with an hybrid mobile phone or printers of medical reports controlled over an hybrid mobile phone.

[0009] A particular object of the present invention is to provide a method enlarging the spectrum of applications supported by an hybrid mobile phone in providing a method for user authentication over the short-range wireless interface.

[0010] Another object of the invention is to take advantage of the capabilities of an hybrid terminal to reduce the load produced by certain applications on the radio communication network.

[0011] These objects, and others that appear below, are achieved by a method for performing a short-range wireless transaction between an hybrid wireless terminal and a service terminal, the hybrid terminal being able to communicate over a first interface with radio communication network and over a second interface for short-range wireless access with a service terminal, the hybrid wireless terminal comprising a user authentication information for authenticating a user in the radio communication network. The method consists in performing the steps of:

transmitting over the second interface for short-range wireless access a message to the service terminal comprising at least the user authentication information;

authenticating the user at the service terminal by checking the received user authentication information against an authentication database;

enabling the transaction if the user authentication has been successful.

[0012] This method has the advantage that a transaction between the hybrid wireless terminal and the service terminal is independent of the radio communication network coverage. Indeed, even if the user is located in an area where no radio communication network coverage is provided, he can make a transaction with the service terminal.

[0013] Another advantage of this method is that a transaction with the service terminal and a communication over the radio communication network can be performed simultaneously since the transaction with the service terminal does not require any radio communication network resources.

[0014] The present invention also concerns a service terminal according to claim 6 and an hybrid wireless terminal according to claim 8.

[0015] Other characteristics and advantages of the invention will appear on reading the following description of a preferred implementation given by way of non-limiting illustrations, and from the accompanying drawings, in which:

Figure 1 shows a system where a method according to the invention can be implemented;
Figure 2 shows a flow diagram of an embodiment of the method according to the present invention;
Figure 3 shows an embodiment of a wireless terminal according to the present invention;
Figure 4 shows an embodiment of a service terminal according to the present invention.

[0016] Figure 1 shows a system where a method according to the invention can be implemented. The system comprises an hybrid wireless terminal 11, a base station 13 belonging to a radio communication network 14, a service terminal 12 and an authentication database 15.

[0017] Hybrid wireless terminal 11 comprises an antenna 111 for communicating over the air interface with base station 13 of the radio communication network 14 and a short-range wireless interface 112 for communicating over the air interface with service terminal 12.

[0018] Radio communication network 14 is preferably a GSM network or an UMTS network. However, any other radio communication network providing features ensuring communication security like authentication and authorization could also be examples for radio communication network 17.

[0019] The short-range wireless interface used for communicating between hybrid wireless terminal 11 and service terminal 12 is preferably based on the Bluetooth standard. However, any other standardized short-range wireless interface may also be envisaged. Another example could be the Home RF standard. Both Bluetooth and Home RF are based on radio frequency communication. Also optical communication using infrared may be used over the short-range wireless interface. Standards defined by the Infrared Data Association (IrDA) describe such an infrared communication.

[0020] An advantage of radio frequency communication over the short-range wireless interface is that the antenna may be used for communication with radio communication network 14 as well as with service terminal 14. When infrared communication is used on the short-range wireless interface, an infrared emitter should be incorporated into the hybrid terminal.

[0021] A condition for a communication to be established over the short-range wireless interface is that the distance between the hybrid wireless terminal and the service terminal is compatible with the distance indicated in the standard (i.e. up to 10 meters for Bluetooth) for the radio wave to be received properly.

[0022] Such a distance condition is usually not set for communicating with radio communication network 14 since it is the purpose of a radio communication network provider to design his network so that a whole area coverage is ensured. This is achieved by an appropriate positioning of the base stations and the provision of hand-over procedure. The goal of short-range wireless communication, on the contrary, is to enable a communication between two devices either close to each other or even in front of each other without any obstacles in between.

[0023] According to the invention hybrid wireless terminal 11 transmits over short-range wireless interface 112 a user authentication information used at service terminal 12 to perform user authentication. This user authentication information is located in an identification module at wireless terminal 11 already dedicated to be used for authenticating the user of wireless terminal 11 in radio communication network 14. This identification module is preferably the SIM (Subscriber Identification Module) card and comprises user authentication information. An example of such user authentication information may be the IMSI or TMSI (International, respectively Temporary, Mobile Subscriber Identification). Other possible user authentication information that unambiguously identifies the user may also be saved on the SIM card, for example a bank account number or a PIN number.

[0024] For providing such short-range communications with security somewhat comparable to the security provided in radio communication network 14, service terminal 12 is connected to a database 15 containing user authentication information of users authorized to make transactions with service terminal 12.

[0025] This database may be physically connected to service terminal 12. Database 15 may also be part of service terminal 12 itself. In such a case, each service terminal is connected to a replicated version of database 15.

[0026] Alternatively, this database 15 may be a central element to which service terminal 12 is connected over an appropriate network. In this configuration, several service terminals may be simultaneously connected to database 15. In this case, the database contents do not have to be replicated and as a consequence are less subject to data inconsistencies.

[0027] In a preferred embodiment, database 15 is the same database as the one used by the radio communication network 14 for performing authentication in the radio communication network 14. In this embodiment, database 15 may correspond to the Home Location Register (HLR) of the radio communication network 14. The service terminal 12 is allowed by the radio communication network operator to have access to the HLR over a specific secured connection. In case service terminal 12 is part of a network of a plurality of service terminals, a central entity in the network of service terminals may be responsible for forwarding the authentication requests from the different service terminals to the HLR, preferably over a permanent connection between this central entity and the HLR.

[0028] Figure 2 shows a flow diagram of an embodiment of the method according to the present invention comprising steps 21 to 25.

[0029] Step 21 consists in sending a transaction request from the hybrid wireless terminal to a service terminal. At this stage, the usual Bluetooth standardized connection procedure can be used.

[0030] Step 22, also part of this standardized connection procedure, consists in performing the identification of the hybrid wireless terminal at the service station. This identification makes use of the unique 48-bit address identifying each Bluetooth capable device.

[0031] Step 23, according to the invention and additionally to the device identification performed at step 22, consists in performing user authentication. At this stage, a user authentication information stored in an identification module at the hybrid wireless terminal is transmitted in a specific message to the service terminal over the Bluetooth interface. This user authentication information is preferably also used for authenticating the user in the radio communication network the hybrid wireless terminal is able to communicate with.

[0032] Step 24 consists, upon reception of this specific message at the service terminal, in extracting the user authentication information and performing a check against a database containing user authentication information of all users authorized to perform a secured transaction with the service terminal.

[0033] If the authentication is successful, that is to say the user is one of the users authorized to perform secured transactions with the service terminal, the service terminal sends an acknowledgement to the hybrid wireless terminal acknowledging his transaction request.

[0034] Step 25 consists in performing the transaction itself.

[0035] If the authentication at step 24 has not been successful, the transaction request is rejected. As an additional security mechanism, the parameters of this unsuccessful transaction may be stored in a log file used for detecting suspicious transaction attempts.

[0036] In a preferred embodiment, the message containing the user authentication information may be protected by encryption for preventing possible interception attempts. This is all the more important as interception of an unprotected user authentication information could enable an ill-intentioned interceptor to perform money transactions on behalf of the user. Any usual encryption mechanisms as known by those skilled in the art may be envisaged. It is possible to use the same encryption mechanism as the one used in the radio communication network the hybrid wireless terminal is able to communicate with.
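
The flow of steps 21 to 25 and the failure log of paragraph [0035], as an added example that is not part of the patent text: a small Python model of the service terminal that identifies the device, checks the user authentication information against its database, and flags devices with repeated rejections. The class and function names, the keyed digest stored in the log, the window and threshold values, and all addresses and identifiers are assumptions constructed for illustration; encryption of the message ([0036]) is left out.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ServiceTerminal:
    known_devices: set  # 48-bit device addresses registered at the terminal
    auth_db: set        # user authentication information of authorized users
    log_key: bytes = b"constructed-demo-key"  # assumption: terminal-local key
    failure_log: list = field(default_factory=list)

    def handle_request(self, now, device_addr, user_auth_info, service):
        """Steps 21-24: acknowledge or reject one transaction request."""
        # Step 22: device identification by the 48-bit device address.
        if device_addr not in self.known_devices:
            return self._reject(now, device_addr, user_auth_info, "unknown-device")
        # Steps 23-24: check the received user authentication information.
        if user_auth_info not in self.auth_db:
            return self._reject(now, device_addr, user_auth_info, "unknown-user")
        # Acknowledgement; step 25 (the transaction itself) may now run.
        return {"status": "ack", "service": service}

    def _reject(self, now, device_addr, user_auth_info, reason):
        # Assumption: log a keyed digest rather than the identifier, so the
        # log does not become a second copy of user authentication information.
        digest = hmac.new(self.log_key, user_auth_info.encode(),
                          hashlib.sha256).hexdigest()[:16]
        self.failure_log.append({"time": now, "device": device_addr,
                                 "user_digest": digest, "reason": reason})
        return {"status": "rejected", "reason": reason}


def suspicious_devices(failure_log, window_s=60, threshold=3):
    """Devices with at least `threshold` rejections within `window_s` seconds."""
    by_device = defaultdict(list)
    for entry in failure_log:
        by_device[entry["device"]].append(entry["time"])
    flagged = set()
    for device, stamps in by_device.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window_s:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(device)
                break
    return flagged


def demo():
    """Constructed sample traffic; addresses and identifiers are made up."""
    terminal = ServiceTerminal(
        known_devices={"00:11:22:33:44:55", "66:77:88:99:AA:BB"},
        auth_db={"001010123456789"},
    )
    results = [
        terminal.handle_request(0, "00:11:22:33:44:55", "001010123456789", "drink"),
        terminal.handle_request(5, "02:00:00:00:00:01", "001010123456789", "drink"),
    ]
    # One registered device presents three different unknown identifiers.
    for i in range(3):
        results.append(terminal.handle_request(
            10 + 10 * i, "66:77:88:99:AA:BB", f"00101000000000{i}", "toll"))
    return terminal, results


if __name__ == "__main__":
    terminal, results = demo()
    for r in results:
        print(r)
    print("suspicious:", suspicious_devices(terminal.failure_log))
```
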

[0037] Figure 3 shows an embodiment of an hybrid wireless terminal according to the present invention. Hybrid wireless terminal 30 comprises two parts 31 and 32. First part 31 is dedicated to support communication with a usual radio communication network as GSM or UMTS for example.

[0038] First part 31 comprises an antenna 311, interface to the radio communication network, a first sender/receiver module 312, a first communication controller 313, and a subscriber identification module 314.

[0039] Second part 32 comprises a short-range wireless interface 321 for communicating over the air interface with a service terminal, a second sender/receiver module 322 and a second communication controller 323. The standard used over this interface is preferably Bluetooth.

[0040] In prior art solutions, the two parts 31 and 32 of this kind of hybrid terminal are independent from each other. On the contrary, according to the present invention, the subscriber identification module 314 is shared by first part 31 and second part 32 so that the second communication controller 322 can access the subscriber identification module 314 for extracting a user authentication information from this module and transmitting it in an appropriate message over sender/receiver module 322 and interface 321 on the short-range wireless interface.

[0041] In another embodiment of hybrid wireless terminal 30, the two sender/receivers 312 and 322 or the two communication controllers 313 and 323 may be located on the same physical entity, the communication process controlling the two parts being distinct. In that case the process controlling the communication of second part 32 has access to subscriber identification module 314, which would still be in the scope of this invention.

[0042] Figure 4 shows an embodiment of a service terminal according to the present invention. Service terminal 40 comprises a short-range wireless interface 41, a sender/receiver module 42, a communication controller 43, an authentication module 44 and an authentication database 45.
[0043] When a message is received over interface 41 and sender/receiver 42, this message is forwarded to communication controller 43; said communication controller detects whether this message is an authentication message comprising a user authentication information. If it is the case, this message is forwarded to authentication module 44 which makes a request to an authentication database 45 to check the user authentication information against the database contents.

[0044] As already mentioned above, the authentication database may be external to the service terminal. In such a case, authentication module 44 sends an authentication request to this external database over a dedicated interface.

[0045] As also mentioned above, the user authentication information may be encrypted. It is also the task of the authentication module to decrypt the user authentication information before checking it against the database contents. If the authentication has been successful, the authentication module 44 triggers the communication controller to send a transaction acknowledgement over the sender/receiver 42 and the interface 41.

[0046] As a conclusion, according to this invention, sharing user authentication information between usual radio communication network and short-range wireless communication system is a source of new value added and secured applications for users of hybrid wireless terminals.



Claims 

1. Method for performing a short-range wireless transaction between an hybrid wireless terminal (11, 30) and a service terminal (12), said hybrid terminal (11) being able to communicate over a first interface (111) with a radio communication network (14) and over a second interface for short-range wireless access (112) with said service terminal (12), said hybrid wireless terminal (11) comprising a user authentication information for authenticating a user in said radio communication network (14), said method being characterized in that it comprises the steps of:

transmitting over said second interface (112) a message to said service terminal (12) comprising said user authentication information;

authenticating said user at said service terminal (12) by checking said received user authentication information against an authentication database (15);

enabling said transaction if said user authentication has been successful.

2. Method according to claim 1, characterized in that said authentication database (15) is shared by said service terminal (12) and said radio communication network (14).

3. Method according to claim 2, characterized in that said authentication database (15) is the Home Location Register (HLR) of said radio communication network (14).

4. Method according to any of the claims 1 to 3, characterized in that said interface for short-range access at said hybrid wireless terminal (11) and at said service terminal (12) are compliant with the Bluetooth standard.

5. Method according to any of the claims 1 to 4, characterized in that said user authentication information is part of a SIM (Subscriber Identity Module) card.

6. Service terminal (40) dedicated to perform a transaction over a short-range wireless interface (41), characterized in that it comprises:

means (42, 43) for receiving a user authentication information from a wireless terminal, said user authentication information being dedicated to authenticate a user in a radio communication network;

an authentication module (44) for authenticating said user at said service terminal (40) by checking said received user authentication information against an authentication database (45) of said radio communication network, said authentication module enabling said transaction if said authentication has been successful.

7. Service terminal (40) according to claim 6, characterized in that it further comprises decryption means for decrypting said received user authentication information according to a predefined decryption algorithm.

8. Wireless terminal (11, 30) comprising a first part (31) for communicating with a radio communication network and a second part (32) for communicating with a service terminal over a short-range wireless interface (321), said first part (31) comprising a user authentication module (314) for authenticating a user in said radio communication network, said wireless terminal (30) being characterized in that said second part (32) has access to said user authentication module (314) and transmits at least an user authentication information contained in said user authentication module (314) over said short-range wireless access interface (321) to said service terminal for authenticating said user in said service terminal.

9. Wireless terminal (11, 30) according to claim 8, characterized in that it further performs encryption of said user authentication information according to a predefined encryption algorithm before transmitting said user authentication information over said short-range wireless interface.